I keep getting this error every time I try to pass a value to a method. Here is a sample nonworking method. I've been pulling my hair out over this all night! Why won't it work!? My url path is :3000/store/browse/shoes and I'm getting this in the log

    Parameters: {"action"=>"browse", "id"=>"shoes", "controller"=>"store"}

    # function to browse the store
    def browse (category)
      @product_pages,@products = paginate(:products,
        :per_page => 12,
        :conditions => "status= 'current', category = #{category}")
      render :template => "store/index"
    end

--
Posted via http://www.ruby-forum.com/.
I should specify that I'm calling the function with a link <a href="/store/browse/shoes">

--
Posted via http://www.ruby-forum.com/.
charlie bowman wrote:
> I should specify that I'm calling the function with a link <a
> href="/store/browse/shoes">

For starters, actions don't take arguments.
If you want it to be called from a URL, you need to pass arguments in params so your URL would look like this..

    <%= link_to 'Browse', :controller=>'store', :action=>'browse', :id=>'shoes' %>

....
I'll assume that you are passing the category through the 'id' value...
...

    def browse
      @product_pages,@products = paginate(:products,
        :per_page => 12,
        :conditions => ["status= 'current', category = ?", params[:id]])
      render :template => "store/index"
    end

** please also note that directly substituting a parameter string into an SQL query is a REALLY BAD idea. Please don't do this. Think of the children.

--
Posted via http://www.ruby-forum.com/.
thank you so much! I've been trying for hours to figure that out. With a small modification to your action it worked perfectly.

    def browse
      @product_pages,@products = paginate(:products,
        :per_page => 12,
        :conditions => ["status= 'current' and category = ?", params[:id]])
      render :template => "store/index"
    end

Thanks again!

--
Posted via http://www.ruby-forum.com/.
Just a question on passing parameters .. Rails converts a url like

    :controller=>'store',:action=>'browse',:id=>2

to something like

    store/browse/2

Looks like the parameter :id is special in some way. Can we use other parameters and if yes are they converted to a urlencoded string sent along with the url like a GET method in forms ?

for example what if I need something like the value of some variable like the user's browser. ( :ua => 'moz' ..) which could be set by a script

Vivek

On 1/4/06, Kevin Olbrich <kevin.olbrich@duke.edu> wrote:
> charlie bowman wrote:
> > I should specify that I'm calling the function with a link <a
> > href="/store/browse/shoes">
>
> For starters, actions don't take arguments.
> If you want it to be called from a URL, you need to pass arguments in
> params so your URL would look like this..
>
> <%= link_to 'Browse', :controller=>'store', :action=>'browse',
> :id=>'shoes' %>
>
> ....
> I'll assume that you are passing the category through the 'id' value...
> ...
>
> def browse
>   @product_pages,@products = paginate(:products,
>     :per_page => 12,
>     :conditions => ["status= 'current', category = ?", params[:id]])
>   render :template => "store/index"
> end
>
> ** please also note that directly substituting a parameter string into
> an SQL query is a REALLY BAD idea. Please don't do this. Think of the
> children.
Vivek Krishna wrote:
> Just a question on passing parameters .. Rails converts
> a url like
> :controller=>'store',:action=>'browse',:id=>2
> to something like
> store/browse/2
> Looks like the parameter :id is special in some way. Can we use other
> parameters and if yes are they converted to a urlencoded string sent
> along with the url like a GET method in forms ?
>
> for example what if I need something like the value of some variable
> like the user's browser. ( :ua => 'moz' ..) which could be set by a script
>
> Vivek

If you add additional parameters that don't show up in your routing, you will get something like this...

    http://www.somesite.com/store/browse/2?ua=moz

Which is a great way to pass additional information in some cases. Just remember that the user can also type in lines like this manually, so be careful what you do with them.

--
Posted via http://www.ruby-forum.com/.
Kevin Olbrich wrote:
> def browse
>   @product_pages,@products = paginate(:products,
>     :per_page => 12,
>     :conditions => ["status= 'current', category = ?", params[:id]])
>   render :template => "store/index"
> end
>
> ** please also note that directly substituting a parameter string into
> an SQL query is a REALLY BAD idea. Please don't do this. Think of the
> children.

What should be done with this parameter string before inserting it into a query? Say you want it to be a number. Check if the string represents an integer?

--
Posted via http://www.ruby-forum.com/.
Lieven De Keyzer wrote:
> What should be done with this parameter string before inserting it into
> a query? Say you want it to be a number. Check if the string represents
> an integer?

The safe way to insert it would be to use

    :conditions => ["category = ?", params[:id]]

This performs some additional checking to avoid insertion of dangerous strings. What it won't do is validate if the user should be able to actually access that record or not.

You could also do a table lookup. Use the parameter as a key to a pre-made hash if you only do a couple of lookups.

For example....

    limits = {'first'=>'firstname, lastname', 'last'=>'lastname, firstname'}
    People.find(:all, :order => limits[params[:sort]])

you could call this with a helper like this..

    link_to 'Sort by lastname', :action=>'action', :sort=>'last'

--
Posted via http://www.ruby-forum.com/.
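
Added example, not code from any poster in this thread: it puts the interpolated condition, the `?` array form, and the table lookup for `:order` side by side on constructed parameters. `quote`, `bind_conditions`, `interpolated_conditions`, `SORT_ORDERS` and `order_clause` are hypothetical names, and the quoting is a simplified stand-in for what a framework's binding does, not Rails' own code.

```ruby
# Added illustration. quote/bind_conditions are a simplified stand-in for the
# "?" binding step, not Rails' own code; all names here are hypothetical.

# Render a value as a SQL string literal: wrap in quotes, double embedded ones.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expand ["sql with ?", v1, v2, ...]: each ? becomes a quoted literal,
# so the value can never change the structure of the statement.
def bind_conditions(conditions)
  template, *values = conditions
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  remaining = values.dup
  template.gsub("?") { quote(remaining.shift) }
end

# String interpolation, as in the first post (quotes added around the value).
def interpolated_conditions(category)
  "status = 'current' and category = '#{category}'"
end

# ORDER BY takes column names, which a ? cannot supply (it would be quoted
# as a string), so the parameter only picks one of the pre-made clauses.
SORT_ORDERS = {
  "first" => "firstname, lastname",
  "last"  => "lastname, firstname"
}.freeze

def order_clause(sort_param, default = SORT_ORDERS["last"])
  SORT_ORDERS.fetch(sort_param.to_s, default)
end

# Constructed request parameters: a legitimate category containing an
# apostrophe, and a sort key that is not in the table.
params = { :id => "kids' shoes", :sort => "price" }

puts interpolated_conditions(params[:id])  # apostrophe ends the literal early
puts bind_conditions(["status = 'current' and category = ?", params[:id]])
puts order_clause(params[:sort])           # unknown key falls back to default
```

In an application the framework's own binding should do the quoting, since escaping rules differ between databases.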